Freelancer profile translated to English.

Description

Passionate about cybersecurity, I specialize in the study, analysis, threat hunting, as well as the integration, implementation, and deployment of cyber-resilient, robust, and adapted infrastructures for critical environments. I am looking for assignments to leverage my expertise in information system security, technological watch, and to participate in study, design, and integration projects for innovative solutions for incident detection and response. I would like to bring my enthusiasm, creativity, analytical skills, and contribute to the implementation of security solutions in innovative environments.

Languages

French
Native or bilingual

Workplace preferences

Can work on-site

Toulouse (up to 50km), Marseille (up to 50km), Paris (up to 50km), Bordeaux (up to 50km)

XEFI Toulouse OUEST et EST
Assistant Operational Technical Manager (CTO)
June 2024 - February 2025 (8 months)
Toulouse, France
■ Assistance in auditing the information systems of XEFI Toulouse OUEST and EST clients (VSE/SME/Mid-cap).
■ Study, sizing, and design of a high-availability on-premise SIEM/SOC NextGen architecture (Wazuh, Graylog, ELK, OpenSearch).
■ Implementation of advanced security rules and SIEM/SOC solutions compliant with ANSSI standards.
■ Construction and implementation of security dashboards, MITRE ATT&CK for coverage monitoring.
■ Monitoring and management of vulnerabilities in a critical medical environment (Client of the XEFI group).
■ Coordination of technical remediations after audits and penetration tests for XEFI clients.
■ Vulnerability analysis: CVE, POC, Zero-Day.
■ Exploitation of vulnerability scan results.
■ Monitoring of critical CVEs detection/patching.
■ Security operational reporting to the IT Directors of XEFI group clients.
■ Incident investigation (phishing, lateral movement, exfiltration).
■ Assistance and monitoring for the implementation of the NIST Framework standard.
■ Writing incident reports, post-mortems, and recommendations.
■ Implementation of hardening recommendations on over 100+ servers.
■ Contribution to architecture review and IT changes.
■ Development of scripts for client integration to the platform.
■ Deployment of Advanced Detection Rules.
■ Development of normalization and filtering scripts for client logs.
■ Integration of audit and forensic tools into the SOC infrastructure.
■ Construction of Security Dashboards.
■ Development of scripts for 3rd party integrations (O365, SOPHOS, Fortigate, PaloAlto, PFsense, MISP, OpenCTI).
■ Writing Technical Design Documents (DAT/Dex).
■ SOC Analyst L3.

Technical environment:
♦ System: Linux Server Debian 10, Ubuntu 22.04 LTS, Centos 8
/ Tools: SIEM, Open Source SOC (WAZUH and ELK), Bash, Python, Suricata, Yara, PowerShell, Ansible, VirusTotal, Terraform, Vscode, NIST, OpenVas
Berger-Levrault
Technical Architect and Open Source Cybersecurity
SOFTWARE PUBLISHING
August 2022 - March 2024 (1 year and 7 months)
Labège, France
■ Study, deployment, and security of managed Kubernetes clusters.
■ Daily management of Kubernetes services and clusters.
■ Coordination of technical remediations after audits and penetration tests on Kubernetes clusters.
■ Architecture and deployment of multi-site SIEM Elasticsearch logging platforms.
■ Crisis management, working under pressure in a major cyberattack context (detection, containment, investigation, remediation, and post-incident capitalization).
■ Forensic analysis on our application servers and Active Directory.
■ Migration and security of Active Directory servers in a cyberattack context.
■ Investigation of Active Directory intrusions.
■ Hardening of directory and backend servers.
■ Multi-site Active Directory Architecture Design.
■ Implementation and deployment of MFA on our Linux platforms via Ansible.
■ Management of critical vulnerabilities.
■ Deployment of public cloud platforms with Terraform.
■ Construction of security dashboards for our clients.
■ Bash and PowerShell scripting for task automation for L1 and L2 teams.
■ Assistance and monitoring for the implementation of ISO 27001 and NIST standards.
■ Implementation of internal audits and security reviews.
■ Consulting on client data protection in the cloud.
■ Deployment of Open Source Bastions.
■ Writing Technical Design Documents (DAT/Dex).
■ Integration of microservice audit tools (Kubernetes and Docker).
Windows Server Linux Cybersecurity Automation Cloud Engineer PenTest
L'UNION
BYG Informatique (Middleware)
January 2020 - June 2022 (2 years and 5 months)
■ Hybrid Infrastructure Security Architecture (IS, network, Cloud, AD).
■ Architecture and Deployment of a SIEM/SOC platform (TheHive, ELK, Wazuh Cortex, OpenCTI, and MISP).
■ Daily monitoring of critical vulnerabilities affecting the IS (proxy, VPN, Exchange).
■ Coordination of technical remediations after external penetration tests.
■ Implementation and administration of Office 365 Tenants.
■ Development of scripts for auditing Office 365 Tenants.
■ Active Directory hardening (GPO, privileged accounts, logs).
■ Operational mapping of IS, flows, and dependencies.
■ ISO 27001 technical compliance.
■ Stormshield Firewall Administration.
■ Backup and Recovery Management (Nakivo Backup & Replication).
■ Network and Firewall Management at our sites (Nancy - Toulouse).
■ Administration of HYPER-V Clusters and Windows Servers 2012R2, 2016, 2019.
■ Bitdefender Endpoint Security Antivirus Administration.
■ Business Continuity Plan (BCP/DRP), vendor management.
■ PowerShell scripting for task automation.
■ Installation and configuration of Linux servers (Centos Ubuntu Debian) and Windows (2012R2/2016/2019).
■ Monitoring Server Administration.
■ Penetration tests on our backend servers.
■ SOC Analyst L3.
■ Cloud platform audit.

Technical environment:
♦ System: Linux Server Debian 10, Ubuntu 20.04 LTS, Centos 7 and 8
♦ Network: HPE Equipment
♦ Visualizations: Hyper-V
/ Tools: PRTG, HPE routers and switches, Stormshield, OCS Inventory, Wireshark, Snort, Nmap, IPSEC/VPN, Powershell, Bash, SIEM, SOC, MISP, TheHive, Bitdefender, SOC (ELK/Wazuh/Graylog), Aws Cli, Kali